
Job Title


Auditor


Company : Compliance Foundry


Location : Vadodara, Gujarat


Created : 2026-03-10


Job Type : Full Time


Job Description

Auditor II
Company: Compliance Foundry | Comperis Cybersecurity | Fixpliance AI
Location: Vadodara, Gujarat, India (In-Office Required)
Employment Type: Full-Time
Level: IC4 - Individual Contributor (Compliance/Security)

About Us
Compliance Foundry, Comperis Cybersecurity, and Fixpliance AI form a unified group delivering Managed Compliance as a Service and Security Engineering as a Service to SMBs across fintech, healthcare, and SaaS. We help international clients build and maintain security postures through expert engineering, compliance frameworks, and our proprietary FixplianceAI platform.

We are a lean, founder-led organization where technical talent works directly with the CEO and engages with international clients daily. This is not a back-office role. It is a delivery-oriented position at the intersection of regulatory compliance, risk assessment, and managed audit services.

About Vadodara, Gujarat
Vadodara, often called the "Cultural City of India (Sanskrutik nagri)," is a historic center of learning and arts located in Gujarat. Home to several leading universities and educational institutions, the city offers a vibrant, diverse, and metropolitan community alongside a strong reputation for safety, cultural heritage, and low crime rates. With a significantly lower cost of living than major Indian metros, the city offers an excellent quality of life and is home to major companies such as Mastercard, Larsen & Toubro, and Tata Advanced Systems. The city's strategic location provides seamless connectivity via Vadodara Airport (flights to major Indian and international hubs) and Central Railway Station (direct rail access to Delhi, Mumbai, Bangalore, and other key business centers).

The Role
We are hiring an Auditor II (IC4) to serve as the primary compliance and audit point of contact for assigned international managed audit clients.

This role is 80% client-facing and 20% internal, requiring a practitioner who can independently assess, document, and advise on compliance postures across multiple regulatory frameworks and business verticals.

You will own entire audit domains (e.g., Access Control, Cryptography, Incident Response) for assigned clients. You will lead audit engagements end-to-end: from scoping and control mapping through evidence collection, gap analysis, remediation recommendations, and audit closure. You will report directly to the Technical Founder and CEO, participate in engagement strategy, and collaborate with security engineering and product teams.

What You'll Do

Client Engagement and Audit Delivery (80%)
- Serve as the primary audit contact for assigned international clients across fintech, healthcare, and SaaS verticals
- Conduct detailed compliance assessments across regulatory frameworks: ISO 27001, SOC 2 (Type I and Type II), GDPR, HIPAA/HITECH, DORA, and industry-specific standards
- Map client business and technical processes to regulatory requirements and control frameworks
- Own specific audit domains (Access Control, Cryptography, Incident Response, Data Protection, Network Security, etc.) and drive audit cycle completion
- Design control frameworks tailored to client risk profiles, regulatory mandates, and business constraints
- Author detailed audit plans, control matrices, evidence collection protocols, and audit workpapers
- Conduct control testing using structured methodologies: observation, inspection, inquiry, and recalculation
- Document evidence with rigor and precision, maintaining the chain of custody and audit traceability
- Identify control gaps, assess remediation effort, and recommend practical, cost-effective solutions
- Lead audit meetings with client stakeholders, communicate findings clearly to technical and business audiences
- Drive remediation closure; verify implementation and re-test controls to confirm remediation is effective
- Prepare audit summary reports and regulatory submission materials (SOC 2 Type II reports, ISO 27001 certificates, GDPR-DPA readiness assessments)
- Manage SLA commitments, audit milestones, and client satisfaction metrics

Internal Collaboration (20%)
- Collaborate with security engineering teams to understand implemented controls and evidence availability
- Provide product feedback based on field experience with FixplianceAI and client audit needs
- Contribute to runbooks, audit program documentation, and internal knowledge base expansion
- Participate in Agile ceremonies and sprint planning
- Support junior auditors and audit team development through mentorship and code review

What We're Looking For

Technical Competencies
You must demonstrate hands-on proficiency across compliance and audit domains. You are not expected to be expert-level in every framework, but you must show working knowledge across the full spectrum and deep expertise in at least one audit domain.

Compliance Frameworks:
- ISO 27001 (ISMS design, controls, gap analysis, readiness assessments)
- SOC 2 Type I and Type II (scoping, control design, operating effectiveness testing, reporting)
- GDPR (Articles 5, 25, 28, 32, 33; DPA requirements; data subject rights)
- HIPAA/HITECH (administrative, physical, technical safeguards; BAA management)
- DORA (ICT risk management, operational resilience, third-party dependencies)
- Industry-specific standards: payment card security (PCI DSS), healthcare (HITRUST), financial services (SOX, ISO 27001 derivatives)

Audit and Control Competencies:
- Control design and control frameworks (COSO, ISO 27001, NIST Cybersecurity Framework)
- Audit planning, scoping, and evidence collection methodologies
- Control testing techniques: observation, inspection, inquiry, recalculation, and system access validation
- Risk assessment and gap analysis: identifying control deficiencies and remediation strategies
- Evidence documentation, working paper organization, and audit trail maintenance
- Remediation closure verification and re-testing

Technical Security Knowledge:
- Cloud security controls: IAM, encryption, logging, network segmentation (AWS, Azure, GCP)
- Infrastructure security: firewalls, VPNs, IDS/IPS, endpoint security
- Application security: SAST/DAST, secure code review, dependency scanning
- Data security: encryption at rest/in transit, DLP, key management, data residency
- Incident response and forensics: playbook review, investigation procedures, breach notification
- Cryptography: encryption standards, key management, digital signatures, certificate management

Professional Skills:
- Native English fluency (written and spoken). This is a client-facing role; communication quality is non-negotiable
- Demonstrated ability to lead audit meetings, present findings to executive and technical audiences, and manage client relationships professionally
- Experience authoring detailed audit workpapers, control matrices, and compliance assessment reports
- Proficiency with Agile/Scrum methodologies
- Experience with client project planning, audit timeline management, and SLA tracking
- Comfort operating in fast-moving startup environments where processes and frameworks are continuously refined
- Self-starter mentality: operate independently, manage competing audit priorities, and drive audit cycles to closure
- Ability to translate technical security controls into business risk language for non-technical stakeholders

AI Proficiency:
- Demonstrated proficiency in leveraging AI/LLM tools for productivity and audit workflows (e.g., evidence summarization, control gap analysis, remediation recommendation drafting)
- AI is a core force multiplier in our delivery model, not optional

Nice to Have:
- Professional certifications: CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager), or CISSP
- Big 4 or mid-market audit firm experience
- SOC 2 Type II or ISO 27001 certification audit experience (not just consulting)
- Fintech, healthcare, or SaaS industry background
- Experience with audit tools and evidence management platforms

Why Join Us
- Work with international fintech, healthcare, and SaaS clients
- Direct collaboration with company leadership
- Develop nuanced, practical expertise in how regulatory requirements translate to control implementation

Working Hours
2:00 PM - 11:00 PM IST, Monday–Saturday, with occasional weekend windows for audit fieldwork, client meetings across time zones, and final audit closure cycles.

The Application Process
The initial screening includes a take-home assignment that requires the use of an AI tool. This is intentional and reflects our operating model: we evaluate how effectively you leverage AI as a force multiplier, not whether you can solve problems without it.

Equal Opportunity
Compliance Foundry | Comperis Cybersecurity | Fixpliance AI is an equal opportunity employer. We evaluate candidates based on merit, qualifications, and business needs.